# Nebula overlay membership of this host on the sourcephile.fr network, plus
# the nftables chains dedicated to the overlay's tun device.
{ pkgs, lib, config, inputs, hostName, hosts, ... }:
let
  domain = "sourcephile.fr";

  # Name of the tun device Nebula creates for this network; the nftables
  # chains below are named after it.
  tunDevice = config.services.nebula.networks.${domain}.tun.device;

  # Addressing constants shared with the aubergine host.
  aubergine = import ../aubergine/networking/names-and-numbers.nix;

  # Port aubergine's own Nebula instance listens on, taken from that host's
  # configuration so the two cannot drift apart.
  auberginePort = hosts.aubergine.config.services.nebula.networks.${domain}.listen.port;
in
{
  imports = [ ../../domains/sourcephile.fr/nebula.nix ];

  services.nebula.networks.${domain} = {
    # Underlay port of this node.
    # NOTE(review): nothing in this file opens it in the host firewall;
    # confirm that is handled by the imported module or elsewhere.
    listen.port = 10008;

    # Overlay firewall, enforced by Nebula itself on the tun device.
    #
    # Inbound: every port and protocol is accepted from peers matching
    # `groups`. Nebula ANDs the entries of `groups`, so a peer certificate
    # must carry both "sourcephile" and "intra" to match.
    # NOTE(review): because this rule is port-agnostic, any per-service
    # restriction has to come from the nftables input chain below, which is
    # empty here. Narrow `port`/`proto` if only specific services are meant
    # to be reachable over the overlay.
    firewall.inbound = [
      {
        groups = [ "sourcephile" "intra" ];
        proto = "any";
        port = "any";
      }
    ];

    # Outbound: unrestricted towards any overlay host.
    firewall.outbound = [
      {
        host = "any";
        proto = "any";
        port = "any";
      }
    ];

    # Speed up discovery of aubergine at startup by pinning its overlay
    # address to a known underlay endpoint. This is only a location hint:
    # the Nebula handshake still authenticates the peer by its certificate.
    # NOTE(review): `wifiIPv4` looks like a three-octet prefix completed by
    # ".1"; confirm against names-and-numbers.nix.
    staticHostMap."10.0.0.8" = [
      "${aubergine.wifiIPv4}.1:${toString auberginePort}"
    ];

    # NAT traversal: keep NAT mappings alive (punch) and punch back towards
    # peers whose handshake cannot reach this node (respond).
    settings.punchy = {
      punch = true;
      respond = true;
    };
  };

  # Host-level filtering for traffic on the overlay device.
  #
  # Both chains are regular chains (no hook), so they only see traffic when
  # another chain jumps to them; that dispatch is not defined in this file.
  #
  # input-<device> is empty: packets fall through and return to the calling
  # chain, whose remaining rules and policy decide the verdict.
  #
  # output-<device> ends with an unconditional `counter accept`, so all
  # outbound overlay traffic is accepted; the Transmission RPC rule before it
  # only gives tcp/9091 its own counter and does not restrict anything.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-${tunDevice} {
      }
      chain output-${tunDevice} {
        tcp dport 9091 counter accept comment "Transmission RPC"
        counter accept
      }
    }
  '';
}